Privacy Policy

Macagram by Luis Services

Last updated: June 12, 2026

1. What We Collect

When you create an account on Macagram, we store your username and a bcrypt-hashed password. You may optionally provide an email address. All data is stored locally on your private server at /Volumes/drive./users.db.

Posts, images, videos, and messages you create are stored in the same local database and on the server's file system. Nothing is sent to third parties.

2. Passkeys / WebAuthn

If you register a passkey, the public key credential is stored in the local database. The private key never leaves your device. Passkey authentication uses your device's biometric sensor (Touch ID, Face ID, or PIN).

3. Session Cookies

Login creates a session cookie (connect.sid) valid for 7 days. It contains no personal data — just a random session ID. The cookie is httpOnly and uses sameSite: lax for security.

4. Discord Bot

If you use the Discord integration, chat messages and game events are forwarded to your designated Discord server via a bot and webhook. Only the messages you explicitly send are transmitted. The bot does not store messages.

5. Battery / Presence

The optional presence feature lets you manually share your battery percentage and online status. This data is stored temporarily in server memory (cleared after 5 minutes of inactivity). It is never written to disk.

6. Your Rights

• You can delete your posts, messages, and account at any time.
• All data is controlled by you — it lives on your hardware.
• No analytics, no tracking, no telemetry.
• No data is sold, shared, or sent to third parties.

7. Security

Passwords use bcrypt (10 salt rounds). Communications use HTTPS via Cloudflare tunnel when accessed remotely. The server runs on your local network. Keep your server password and SSH keys secure.

8. Contact

This service is self-hosted. For privacy concerns, contact the server administrator (you).